Indeed, the website serves you the crypto code but it runs totally on the client so it's perfectly safe and could in no way be backdoored.
More seriously, did they do anything to fix this obvious design flaw? If they want to fish a key they can just serve you a modified JS file and retrieve the key. Unless of course you choose to audit the JS served every time you browse the website.
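
What "auditing the JS served every time" looks like once automated, as an added example that is not part of the comment above: each script received on a page load is hashed and compared against digests pinned when the code was last reviewed. The paths, script bodies and function names are constructed for illustration, and the check only detects that served code differs from the reviewed copy; it does not review the code itself.

```javascript
// Added example: pin-and-compare check for served scripts (Node.js).
const crypto = require("node:crypto");

// SRI-style digest over the exact bytes the server delivered.
function sriDigest(body) {
  return "sha384-" + crypto.createHash("sha384").update(body).digest("base64");
}

// pinned: { path: digest } recorded when the code was last reviewed.
// served: { path: body } captured from the current page load.
function auditServedScripts(pinned, served) {
  const report = { ok: [], changed: [], unpinned: [], missing: [] };
  for (const [path, body] of Object.entries(served)) {
    if (!Object.hasOwn(pinned, path)) report.unpinned.push(path);
    else if (sriDigest(body) !== pinned[path]) report.changed.push(path);
    else report.ok.push(path);
  }
  for (const path of Object.keys(pinned)) {
    if (!Object.hasOwn(served, path)) report.missing.push(path);
  }
  // Any changed or never-reviewed script can read what the page handles.
  report.trusted = report.changed.length === 0 && report.unpinned.length === 0;
  return report;
}

// Constructed sample data (hypothetical paths and bodies).
const REVIEWED = {
  "/js/crypto.js": "function encrypt(key, msg) { return seal(key, msg); }\n",
  "/js/ui.js": "function render(view) { draw(view); }\n",
};
const PINNED = Object.fromEntries(
  Object.entries(REVIEWED).map(([path, body]) => [path, sriDigest(body)])
);

// Same page, later load: one file differs and an extra script appears.
const LATER_LOAD = {
  "/js/crypto.js": REVIEWED["/js/crypto.js"] + "/* altered server-side */\n",
  "/js/ui.js": REVIEWED["/js/ui.js"],
  "/js/extra.js": "/* not present at review time */\n",
};

function demo() {
  return {
    sameAsReviewed: auditServedScripts(PINNED, REVIEWED),
    laterLoad: auditServedScripts(PINNED, LATER_LOAD),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Since a server can answer each request differently, the result only describes the bytes captured for that one load, which is why the check has to run on every visit.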